Building a generic OO ACL using Doctrine
Asked Answered
V

1

4

I'm looking to design a doctrine-backed ACL system for my own use, although I'm struggling with some of the initial design considerations.

Right now I'm looking at making it based on classes and unique identifiers, storing them in a table as such:

Table: ACL
    ResourceClass
    ResourceKey
    RoleClass
    RoleKey
    Permission

Obviously this is going to demand that I introspect on classes that are being queried to derive the correct ResourceClass values.

I'm wondering if this approach has been done before or if anyone has some advice with doing it in a bettery way. Other things like recursive relationships between Roles also confound me as I'm not sure how to recursively query to build and ACL for a Resource.

I'm not a huge fan of Zend ACL, so please no suggestions for it - I am aware of it!

Further clarifications will be made to this question as people weigh in, so please bear with me! This question itself may require a few iterations! ;)

Veilleux answered 19/7, 2010 at 13:59 Comment(0)
L
3

I use NestedSet for storing the ACL hierarchy and cache to speed things up.

Doctrine ORM for PHP - NestedSet

Here is a post which may be useful too:

Zend_Acl part 3: creating and storing dynamic ACLs | CodeUtopia - The blog of Jani Hartikainen

(take a look at the two previous parts as well).

Lewert answered 19/7, 2010 at 20:15 Comment(3)
Awesome, I will have to look into all the different behaviours. Just to be clear, you used the NestedSet implementation for your roles/groups? That way you could obtain the full list of roles/groups and then query the table that stores all your permissions with all those keys?Veilleux
You don't need Doctrine for this. NestedSet is just an SQL pattern for storing tree lik structures in the database. You may implement it as you like. Stroring the ACL as NestedSet gives you ability to easily find the permissions of children, parents, ascendants etc. This suits very well for big ACL structures. For simple ACL's, an array, Zend_Config (or serializing the ACL, if you really need db) is enough.Lewert
I'm not interested in using zend_ACL as it's rather unwieldy. I'm hoping to get more details about how you are storing the ACL as a tree, as to me it is not really a tree of data. Whereas the roles are. I do need to store them in a database however. Which is why I'm using doctrine.Veilleux

© 2022 - 2024 — McMap. All rights reserved.